Bug 596354 (CVE-2016-7798) - <dev-lang/ruby-2.4.0: IV Reuse in GCM Mode
Summary: <dev-lang/ruby-2.4.0: IV Reuse in GCM Mode
Status: RESOLVED FIXED
Alias: CVE-2016-7798
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa cve]
Keywords: PATCH
Depends on:
Blocks:
 
Reported: 2016-10-06 15:46 UTC by Agostino Sarubbo
Modified: 2019-10-26 21:22 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2016-10-06 15:46:13 UTC
From ${URL} :

An IV reuse bug was discovered in Ruby's OpenSSL library when using
aes-gcm. When encrypting data with aes-*-gcm, if the IV is set before
setting the key, the cipher will default to using a static IV. This creates
a static nonce and since aes-gcm is a stream cipher, this can lead to known
cryptographic issues.

References:

http://seclists.org/oss-sec/2016/q3/562

Upstream bug:

https://github.com/ruby/openssl/issues/49

Upstream patch:

https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
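
A self-check for the ordering problem described above, added here as an example; it is not code from the bug report or from ruby/openssl. It encrypts with aes-128-gcm in both orderings and reports whether an IV assigned before the key is actually used. The key, IVs, message and helper names are constructed for illustration.

```ruby
require "openssl"

# Constructed sample values (not from the bug report).
KEY  = ("\x11" * 16).b
IV_A = ("\xA0" * 12).b
IV_B = ("\xB0" * 12).b
MSG  = "constructed sample plaintext".b

# Encrypt with aes-128-gcm. :key_first sets the key before the IV (the
# order the report does not flag); :iv_first is the order it describes.
def gcm_encrypt(key, iv, plaintext, order: :key_first)
  cipher = OpenSSL::Cipher.new("aes-128-gcm")
  cipher.encrypt
  if order == :key_first
    cipher.key = key
    cipher.iv  = iv
  else
    cipher.iv  = iv
    cipher.key = key
  end
  cipher.auth_data = ""
  ciphertext = cipher.update(plaintext) + cipher.final
  [ciphertext, cipher.auth_tag]
end

# Decrypt and verify the tag; raises OpenSSL::Cipher::CipherError on mismatch.
def gcm_decrypt(key, iv, ciphertext, tag)
  cipher = OpenSSL::Cipher.new("aes-128-gcm")
  cipher.decrypt
  cipher.key = key
  cipher.iv  = iv
  cipher.auth_tag  = tag
  cipher.auth_data = ""
  cipher.update(ciphertext) + cipher.final
end

# True when an IV given before the key is really used: the output must match
# the key-first output for the same IV and must change when the IV changes.
def iv_honored_before_key?
  a_iv_first,  = gcm_encrypt(KEY, IV_A, MSG, order: :iv_first)
  b_iv_first,  = gcm_encrypt(KEY, IV_B, MSG, order: :iv_first)
  a_key_first, = gcm_encrypt(KEY, IV_A, MSG)
  a_iv_first == a_key_first && a_iv_first != b_iv_first
end

puts "IV honored when set before key: #{iv_honored_before_key?}"
```

A `false` result means the runtime fell back to a static IV for the iv-first ordering, which is the behaviour this bug tracks.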
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2016-11-26 00:38:42 UTC
@maintainer(s), can you patch or is this already in a release?
Comment 2 Hans de Graaff gentoo-dev Security 2016-11-26 07:30:00 UTC
This is fixed in the ruby-openssl repository, but we use the bundled (or rather, embedded) version distributed with dev-lang/ruby itself and that has not been updated yet. Backporting doesn't look trivial because this patch builds upon additional changes made in ruby-openssl. It may be possible to unbundle this for ruby 2.3.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2017-03-26 13:52:19 UTC
Hans, if you can please do not add version info, until you are ready to call for stabilization.
Comment 4 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-05-27 15:22:05 UTC
@Hans

Ruby target 22 was already dropped, were you able to unbundle this in 23? 

Thanks
Comment 5 Hans de Graaff gentoo-dev Security 2018-07-20 05:09:14 UTC
(In reply to Christopher Díaz Riveros from comment #4)

> Ruby target 22 was already dropped, were you able to unbundle this in 23? 

I haven't tried yet and I am also hesitant to do so since it may introduce hard-to-find compatibility issues since ruby packages expect to find specific openssl versions bundled with different ruby versions.

I think it makes more sense now to focus on removal of ruby23 which can be started once ruby24 is stable.
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2019-09-07 17:51:57 UTC
(In reply to Hans de Graaff from comment #5)
> (In reply to Christopher Díaz Riveros from comment #4)
> 
> > Ruby target 22 was already dropped, were you able to unbundle this in 23? 
> 
> I haven't tried yet and I am also hesitant to do so since it may introduce
> hard-to-find compatibility issues since ruby packages expect to find
> specific openssl versions bundled with different ruby versions.
> 
> I think it makes more sense now to focus on removal of ruby23 which can be
> started once ruby24 is stable.

Hans, thanks for the info. ruby23 is gone now. Was this fixed in Ruby24?
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2019-10-26 21:22:42 UTC
It's fixed in dev-lang/ruby since https://github.com/ruby/ruby/commit/aab0d67a1ff5190ff7a951e40cee742210302aed which is present since >=dev-lang/ruby-2.4.0!

GLSA Vote: No!

Repository is clean, all done!